In what situations would collect an image of memory most useful to the investigation?

1.5kviews

written 7.8 years ago by

sreenandan.m • 0

modified 3.9 years ago by

krithikkm200 • 10

Subject: Digital Forensics

Topic: Initial response and forensic duplication

Difficulty: Low

digital forensics

ADD COMMENT EDIT

1 Answer

21views

written 7.8 years ago by

sreenandan.m • 0

A memory image is useful in two situations.

First, when malware is primarily memory-resident and leaves little trace evidence on storage.

Second, when attackers use encryption. We’ve gained access to many a password-protected RAR file through the examination of memory images.

ADD COMMENT EDIT

Please log in to add an answer.